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METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR 
POLICY BASED NETWORK CONTROL OF CHARACTERISTICS OF 

USER SESSIONS 

Field of the Invention 

The present invention relates to network 
management in general and in particular to preference 
5 management in a network environment. 

Background of the Invention 

Traditional mainframe computer configurations 
provided for user interface to the computer through 

10 computer terminals which were directly connected by- 

wires to ports of the mainframe computer. As computing 
technology has evolved, processing power has typically 
evolved from a central processing center with a number 
of relatively low-processing power terminals to a 

15 distributed environment of networked processors. 

Examples of this shift in processing include local or 
wide area computer networks which interconnect 
individual work stations where each workstation has 
substantial independent processing capabilities. This 
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shift may be further seen in the popularity of the 
Internet which interconnects many processors and 
networks of processors through devices such as, for 
example, routers. This type of network environment is 
5 often referred to as a client -server environment with 

client stations coupled to and supported by a server 
station. 

In the modern distributed processing computer 
environment, control over software, such as application 
10 programs, is more difficult than where a mainframe 

operated by an administrator is used, particularly for 
ifj large organizations with numerous client stations and 

!jf servers distributed widely geographically and utilized 

by a large number of users. Furthermore, individual 

iil" 

jli 15 users may move from location to location and need to 

access the network from different client stations at 
different times. The networked environment increases 
the challenges forca network administrator in 
maintaining proper licenses for existing software and 

2 0 deploying new or updated application programs across 
the network . 

A further complication in network systems is that, 
typically, these systems include combinations of 
network applications and native applications as well as 
25 . combinations of different connection types and hardware 

devices. As used herein "native applications 11 refers 
to applications which are installed locally on a 
workstation such that characteristics associated with 
the native application are stored on the workstation. 

3 0 The combinations of network connections, differing 
hardware, native applications and network applicatons 
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makes portability of preferences or operating 
environment characteristics which provide consistency 
from workstation to workstation difficult. 
Furthermore, differences in hardware or connections may 
5 create inefficiencies as users move from workstation to 

workstation. For example, a user may, in a first 
session, access the network utilizing a high speed 
connection and a workstation with a high resolution 
color monitor to execute an application and then, in a 
10 later session, access the network to execute the same 

application from a mobile computer with a monochrome 
display and a low speed modem connection to the 
network. Thus, session content, such as color display 
data or preferences associated with the application, 
15 which may have been appropriate for the first session 

may be inappropriate or inefficient in a later session. 

Efforts to address mobility of uses in a network 
have included efforts to provide preference mobility 
jig such as, for example, Novell 1 s Z . E . N . works™ , 

20 Microsoft's "Zero Administration" initiative for 

Windows® and International Business Machines 
Corporation's (IBM's) Workspace On Demand™. However, 
these solutions each typically require pre-installation 
of software at the workstation to support their 
25 services. For example, 'Novell's Z.E.N, and IBM's 

Workspace On Demand utilize a vendor- supplied support 
layer in the operating system to enable their services. 
In addition to modifying the workstations operating 
system at startup to setup tasks to customize the 
3 0 user's environment, the Microsoft Zero Administration 

solution may be limited to a homogeneous environment 



hi 
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where the workstation and the server are utilizing the 
same operating system. 

Each of these "mobility" systems typically do not 
address the full range of complications which may arise 
in a heterogeneous network utilizing differing devices 
and connections. Users would typically have to manually 
define session characteristics at each differing 
workstation they used in the network or maintain local 
characteristic definitions which may be inappropriate 
for particular applications a user is executing and may 
substantially reduce the administrative convenience of 
a centrally controlled network. Thus, these various 
approaches fail to provide a seamless integration of 
session characteristics across heterogeneous network 
devices. Such solutions may reduce network 
administration only after initial installation on each 
workstation. Furthermore, content is typically not 
addressed such that inefficiencies in use of the 
network may result. 

Summary of the Invention 

Accordingly, it is an object of the present 
invention to provide methods, systems and computer 
program products for management of user sessions in a 
network environment . 

It is a further object of the present invention to 
provide such methods, systems and computer program 
products which do not require pre-installation of 
software at the workstations. 

It is a further object of the present invention to 
provide such methods, systems and computer program 



products that can automatically accommodate various 
types of hardware operating under different operating 
systems . 

These and other objects are provided, according to 
5 the present invention, by controlling a user session in 

a network by defining rules for controlling user 
sessions based on characteristics of an operating 
environment , determining the characteristics of an 
instance of an operating environment associated with a 

10 user session in the network and applying the defined 

rules to the determined characteristics to control the 
user session based on the characteristics of the 
instance of the operating environment. In particular, 
the type of network connection, the type of device 

15 connected to the network, the user identification of 

the user and/or the identification of an application 
executed by the user may be determined and the session 
controlled based on this determination. Preferably, 
the rules control the content of communications 

2 0 provided during the user session based on the 

characteristics of the operating environment. 

By controlling the user sessions based on rules, 
content provided to the user may be customized for the 
session. Thus, the user's session may be optimized for 
25 the instance of the operating environment of the user 

by leveraging information of the instance to provide 
session specific content to the user. Accordingly, 
network efficiency or device performance may be 
improved by not utilizing network bandwidth or system 

3 0 resources to handle information which is not needed by 

the user. Similarly, group consistency and mobility of 
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the user in the network may be improved as the content 
provided to the user, including such things as 
characteristics of a network connection, 
characteristics of content associated with a device 
5 utilized by the user and preferences associated with an 

application utilized by a user, may be modified based 
on the specific characteristics of an instance of the 
operating environment of the user. 

In particular embodiments of the present 

10 invention, the rules may also control access to 

applications or the network based on the 
characteristics of an operating environment. 

In another embodiment of the present invention, 
the defined rules are stored on a network accessible 

15 server. The defined rules are then obtained from the 

network accessible server in response to the 
determination of characteristics of an instance of an 
operating environment associated with a user session in 
the network. Preferably, the network accessible server 

2 0 is an on-demand server. 

In a further embodiment of the present invention, 
content provided to a device of a user of a network is 
controlled by p rovidin g s ession dependent informat ion 
to a network device having stored policies whi ch are 

\ ' 7^ * ~^ 

25 \ based on the session de pendent 'informatio n. The 

content provided by the network device to a device 
associated with the user is then automatically modified 
based on the policies and the provided session 
dependent iif?ormatTon*. 

3 0 In particular, the sessions-dependent content\iay 

include automatically translating content of a 
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communication provided to the device associated with 

the user from a first language to a second language. 

The sessjLon fjependent information m ay include the type 

of n etw or jc co nnecl^on, the£"type of device connected to 

the network, the user identification of the user ^ri ^^r^ ) 

t ^ - ■ — -f* — ■ 

an identification of an application executed by the 



user . 

While the invention has been described above 
primarily with respect to the method aspects of the 
invention, both systems and computer program products 
are also provided. 



Brief Description of the Drawings 

Figure 1 is a schematic diagram of a computer 
network suitable for use with the present invention; 

Figure 2 is a flowchart illustrating operations of 
a policy based session management system according to 
an embodiment of the present invention; 

Figure 3 is a flowchart illustrating operations of 
a particular embodiment of the policy based session 
managements system; and 

Figure 4 is a flowchart of a particular embodiment 
of the present invention where the policy based session 
management system provides automatic language 
translation of session content. 



Detailed Description of Preferred Embodiments 

The present invention now will be described more 
fully hereinafter with reference to the accompanying 
drawings, in which preferred embodiments of the 
invention are shown. This invention may, however, be 



embodied in many different forms and should not be 
construed as limited to the embodiments set forth 
herein; rather, these embodiments are provided so that 
this disclosure will be thorough and complete, and will 
fully convey the scope of the invention to those 
skilled in the art. As will be appreciated by one of 
skill in the art, the present invention may be embodied 
as methods, systems or computer program products. 
Accordingly, the present invention may take the form of 
a hardware embodiment, a software . embodiment or an 
embodiment combining software and hardware aspects. 

Figure 1 illustrates an embodiment of a computer 
network suitable for use with the present invention. 
Computer network system 10 includes a server 2 0 such as 
a Tivoli™ server and on-demand servers 22, 22". System 
10 further includes client stations 24, 24', 26, 26". 
As illustrated, on-demand servers 22, 22' are connected 
to server 20 over a first network segment 10'. Client 
stations 24, 24' are served by on-demand server 22 and 
communicate over network 10 ■ ' . Similarly, clients 26, 
26" are served by server 22' and communicate over 
network lO 11 '. As schematically illustrated in Figure 
1, client stations 24, 24', 26, 26" may be hardware 
from a variety of vendors operating a variety of 
different operating systems. However, in a preferred 
embodiment, each of the client stations 24, 24" , 26 and 
26' are capable of executing a Java™ (Sun Microsystems, 
Inc.) enabled web browser, 

System 10, as illustrated in Figure 1, is a 
centrally managed computer network with server 20 



acting as the central administration station executing 
network management software such as TME 10™ from Tivoli 
Systems, Inc. Servers 22, 22' act as on-demand servers 
for their respective associated client stations 24, 
5 24", 26, 26' and provide for client/server application 

support . It is further to be understood that networks 
10' , 10' ■ , 10' 1 ■ may be separate physical networks, 
separate partitions of a single physical network or may 
be a single network. Furthermore, server 2 0 may be 
10 configured to allow for direct communication between 

server 20 and clients 24 , 24 1 , 26 , 26 1 . 

As will be described further herein with reference 
to Figure 2, server 20, server 22 and/or server 22" may 
have stored on them" or have access to a repository of 
15 f rules or policies and preferences or data associated 
with the rules or policies so as to manage sessions 
with clients 24, 24', 26 and 26". Thus, for example, 
server 20 could maintain the repository of policies and 
associated data which could then be accessed by on- 
20 i demand servers 22 and 22 1 . Alternatively, a copy of 

the repository could be maintained at all or a portion 
of the servers . 

Preferably, on-demand servers 22, 22' are fr 
configured to operate within the eNetwork™ environment 
25 available from International Business Machines 

Corporation. Preferably the present invention is 
utilized in an On-Demand Server™ (IBM) system such as 
that described in commonly assigned and concurrently 
filed United States Patent Application Serial No. 
3 0 ' , entitled METHODS, SYSTEMS AND COMPUTER PROGRAM 
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PRODUCTS FOR CENTRALIZED MANAGEMENT OF APPLICATION 
PROGRAMS ON A NETWORK, and United States Patent 

<V Application Serial Number * , entitled METHODS, 

A 

SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR MANAGEMENT OF 
5 CONFIGURABLE APPLICATION PROGRAMS ON A NETWORK, the 

disclosures of which are hereby incorporated by- 
reference as if set forth fully herein. Similarly, the 
present invention may be utilized with a local 
application preference system such as that described in 
10 concurrently filed and commonly assigned United States 



Patent Application Serial Number °M ^ entitled 

A 

METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR 



MANAGEMENT OF PREFERENCES IN A HETEROGENEOUS COMPUTING 
ENVIRONMENT, the disclosure of which is hereby 
15 incorporated by reference as if set forth fully herein. 

However, while the present invention may be implemented 
in this environment, it is also suitable for use with 
other client/server and network management 
environments . 

20 As is described in more detail below, the present 

invention allows for control of a session based on 
policies and information about the session. Thus, for 
example, the present invention may control 
characteristics of communications over a network 

25 connection, characteristics of an application, access 

to applications, or other session content based on 
information about the instance of the operating 
environment of the session. As used herein, the term 
session refers to a period of time where the operating 

3 0 environment of a remote processor connected to a 

network is not expected to change. Thus, for example, 
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if the policies controlling a session relate to the 
network connection of the session and the type of 
hardware device connected to the session, then the 
session may be considered to start with connection to 
5 the network and end with disconnect. Similarly, if the 

control of the session utilizes policies further based 
on the user identification of a user logged on to the 
network, then the session may be considered to start 
when the user logs on and end when the user logs off. 

10 In an even finer granularity, if the policies 

controlling the session further control characteristics 
of an application, then the session may- be considered 
to start when the application is invoked and end when 
the application is terminated. Thus, as can be seen 

15 from the above discussion, the concept of a session may 

vary depending on the particular policies or rules 
utilized and, further, multiple sessions may 
concurrently occur if multiple policies control 
differing aspects of user activity with respect to the 

2 0 network. 

The present invention utilizes policies or rules 
to control a session by controlling the content and/or 
characteristics of the session based on information 
about the session. The types of information typically 

25 utilized to control a session will include the type of 

network connection (e.g. ethernet, modem, modem speed, 
duration of connection, etc) , the type of device 
connected (e.gr. desktop system, graphics workstation, 
laptop computer, personal data assistant (PDA) , 

30 operating system, display type, etc) , the application 

being executed or requested and the user identification 
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of the user. Collectively, this information makes up 
the operating environment of a user session. Based on 
all or part of the information about a user's operating 
environment, a centrally administered set of rules may 
be applied to customize the content provided to the 
user for the operating environment. 

As an example, a user may use client 24' to 
connect to server 22 and execute a graphics program 
over network 10 ■ ■ . Client 24' may be a graphics 
workstation with a display resolution of 1280 X 1024 
and be connected to the network over a 100MB ethernet 
adapter. When the user connects and requests the 
graphics application, the centrally administered rules 
would be, applied to the request to customize the 
content provided for the particular operating 
environment. Thus, data may be provided to the client 
24' in an uncompressed format and the information may 
be provided with 24 bit color and window locations and 
sizes and font sizes and the like set to accommodate 
the 1280 X 1024 display. When the user moves to client 
26' which is a remote personal computer having an 800 X 
600 display and using a modem to connect to network 
lO'' 1 this information would then be used by the 
centrally administered rules to control the content 
provided to client 26'. 

For example, if client 26" was incapable of 
running the graphics program, then the user's request 
for the program could be denied. Furthermore, if 
program execution was allowed, then the data provided 
over the lower speed modem connection could be 



compressed to increase performance. The window sizes 
and locations could also be modified to assure that the 
windows would be displayed on the lower resolution 
display. Thus, the content provided to the user would 
be modified using predefined rules and based on 
information about the operating environment of a user's 
session . 

In such a way, mobility within a heterogeneous 
network may be facilitated in that the control of 
content may be performed without user intervention 
based on the use of the centrally administered rules. 
As will be appreciated by those of skill in the art in 
light of the present disclosure, such a system may be 
utilized in any number of ways to control the 
characteristics of a session based on operating 
environment information. For example, to control 
network traffic to assure fairness, to prioritize 
content based on application priorities (e.g. provide 
content for higher priority applications before content 
for lower priority applications) , to assure compliance 
with administrative directives, for license 
authentication, to provide user preferences to users as 
they move from client to client, or combinations of 
each of these examples. As described below, the 
present invention may be particularly well suited to, 
for example, control language translation. 

Operations of the present invention will now be 
described with respect to the flowcharts of Figure 2 
through Figure 4 . It will be understood that each 
block of the flowchart illustrations, and combinations 
of blocks in the flowchart illustrations, can be 
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implemented by computer program instructions. These 
program instructions may be provided to a processor to 
produce a machine, such that the instructions which 
execute on the processor create means for implementing 
the functions specified in the flowchart block or 
blocks. The computer program instructions may be 
executed by a processor to cause a series of 
operational steps to be performed by the processor to 
produce a computer implemented process such that the 
instructions which execute on the processor provide 
steps for implementing the functions specified in the 
flowchart block or blocks. 

Accordingly, blocks of the flowchart illustrations 
support combinations of means for performing the 
specified functions, combinations of steps for 
performing the specified functions and program 
instruction means for performing the specified 
functions. It will also be understood that each block 
of the flowchart illustrations, and combinations of 
blocks in the flowchart illustrations, can be 
implemented by special purpose hardware -based systems 
which perform the specified functions or steps, or 
combinations of special purpose hardware and computer 
instructions . 

Referring now to the flowchart of Figure 2, 
operations for policy based management of session 
content are illustrated. As seen in Figure 2, a 
central policy server, such as servers 20, 22 or 22', 
receives a tuplet of operating environment information 
associated with a session on a workstation 24, 24", 26 
or 26' (block 100) . Such a tuplet preferably includes 
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{connection type; connected device; userid; 
application} . The level of detail in the information 
provided to the central policy server may vary 
depending on the policies or rules implemented. For 
5 example, if rules are based on a display resolution, 

then the information provided should include some 
information about the display. However, such 
information may be implicitly provided, for example, by 
categorizing devices based on common capabilities and 

10 then providing a device category to the central policy 

server. Furthermore, the information may be obtained 
or provided to the central policy server from a number 
of sources including the workstation, network devices 
connected to the workstation, servers associated with 

15 communications to or from the workstation or other 

sources. Thus, the information may be accumulated by 
the central policy server from various sources or may 
be received directly from the workstation itself. 
The central policy server then uses the 

20 information in the tuplet to modify the content to be 

provided to the user (block 102) and the modified 
content is provided to the user (block 104) . As 
described above, such modification of content may take 
many forms, including, but not limited to, compressing 

25 data for network transmission, removing color 

components for monochrome displays, providing text only 
for lower speed connections or text displays, 
prioritizing communications, varying preferences or 
setup options based on device characteristics, userids 

30 or the like. Furthermore, as the control of content is 

rules based, the content may be modified based on 
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combinations of information about the instance of the 
operating environment associated with a session. 

Figure 3 illustrates a particular example of a 
policy based system according to the present invention. 
As seen in Figure 3, a tuplet associated with the 
network user (block 120) becomes availab'leT^^r^ 
processing— and it is determined from the userid ana 



application specified by the tuplet if ^t-he us.erid has 
access rights to the requested application (block 122) . 

10 If the userid does not have access rights, then the 

request to execute the application is rejected and the 
server waits for the next tuplet event to process (i.e. 
receipt of a tuplet or obtaining of a tuplet) . 

If the userid does have access rights, then it is 

15 determined if the network connection and device 

portions of the tuplet specify a device and a 
connection which allow execution to the application 
(block 124). If not, then the request to execute the 
application is rejected. If the request is accepted, 

20 then it may be determined if the connection specified 

by the tuplet would benefit from modification of the 
content (block 126) , for example, by compression of the 
data transmitted over a low speed connection. If 
content modification for the connection is selected 

25 based on the tuplet, then content modification may be 

initiated for the connection (block 128) . As described 
above, the type of content modification may vary from 
connection to connection. Other examples of content 
modification based on connection characteristics 
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include removal of material such as graphics or text or 
the prioritization of material such as text. 

Irrespective of content modification based on the 
connection portion of the tuplet, it is also determined 
5 if content modification is appropriate based on the 

device portion of the tuplet (block 130) . If 
application of the rules determines that content 
modification for the specified device characteristics 
is appropriate, then the content modification for the 

10 device is initiated (block 132) . Such content 

modification may include any number of modifications, 
including modification of graphic information to 
provide monochrome information to monochrome monitors, 
modification of information based on operating system 

15 characteristics, display size, memory capacity, hard 

drive space, processing speed or other device dependent 
operating environment characteristics. For example, if 
it is determined that a system only supports 16 colors, 
then the content may be modified to reduce the color 

20 information from, for example, 24 bit color to 16 

colors . 

As is further seen in Figure 3, it may also be 
determined if content modification is appropriate based 
on the application which is to be performed (block 

25 134) . If so, then the content modification for the 

application may be initiated (block 136) . For example, 
application specific content modification may include 
modifying web pages provided to a web browser 
application to account for the type of browser or in 

30 combination with the userid or other information, to 

translate the content into another language. 
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Furthermore, applications such as data base 
applications or other applications requiring high 
network bandwidth may cause the content to be modified 
to compress the data before transmission over the 
network. Other examples of modification of the content 
based on . the application may include restructuring 
content to provide a simplified user interface. 

While the example of Figure 3 illustrates 
modification based on a single characteristics and 
combinations of characteristics, as will be appreciated 
by those of skill in the art, modification may be based 
on any combination of characteristics provided to the 
central policy server. 

Figure 4 illustrates a specific example of a 

language translator according to the present invention. 

Such a language translator may be utilized, for 

example, at a theme park or other venue where visitors 

who speak differing languages would utilize a pervasive 

computing device such as a PDA which communicates with 

a central server to obtain information about the park. 

As seen in Figure 4, se ssion dependent information is 

obtained from the client device (block 150) and a 

determination made based on the session dependent 

information if translation of content provided to the 

client is required (block 152) . For example, each 

different type of device in the theme park setting 

could translate to a different language. When a user 

activates the device, the device characte ris tics are 

^- — . 

provided to a common server which, based on the device, 
translates the content provided to the device to 
differing languages. This translation may be dynamic 
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or may be by selecting content in the appropriate 
language from pre- translated sources. Alternatively, 
in a web browser setting, the "language" setting of the 
operating system associated with a user session could 
5 be provided to the server and used to automatically 

modify content provided to the user's web browser to 
translate the content to the specified language. 

If language translation of the content is required 
then the language for translation is selected based on 

10 the session dependent information (block 154) and the 

content translated to the selected language (block 
156) . The translated content may then be provided to 
the client device (block 158) . Thus, the selection of 
whether to translate content to a different language 

15 and the translation language may be established without 

user intervention based on session dependent 
information such as user preferences, device types or 
the like. 

In the drawings and specification, there have been 
2 0 disclosed typical preferred embodiments of the 

invention and, although specific terms are employed, 
they are used in a generic and descriptive sense only 
and not for purposes of limitation, the scope of the 
invention being set forth in the following claims. 
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